Scanning Your LAN for an Open Port

***AngelicKnight*** · July 28th, 2004, 04:42 PM

How does one go about scanning an entire network to look for machines with specific ports open?

For example, one of the latest MyDoom variants looks for port 1034 on potential victims. So, if I wanted to scan my LAN here to find out if any machines have 1034 open, how would I go about doing that? Is this something I would employ Nmap for?

**ss2chef** · July 28th, 2004, 04:44 PM

Just use NMAP on your whole subnet(s) and specify that port.
There are *NIX and Win32 versions available.

www.nmap.org

***cacosapo*** · July 28th, 2004, 05:25 PM

Instead i would advice to install A/V on each machine and scan it on a regular basis.
Scanning network looking for malware will just add overhead on it.
And you will get more malware than just scanning with nmap or similar tool.

***AngelicKnight*** · July 28th, 2004, 05:30 PM

Definately, we'd be crazy not to have AV. I just thought this would be a good extra precaution. Particularly, that port is left open by the previous MyDoom, so I'm wondering, if AV caught MyDoom after it had attacked, would it re-close the port? Or would the port remain opened? That's why I'm thinking it's best to err on the side of caution and scan for the port, just in case.

**ss2chef** · July 28th, 2004, 05:30 PM

Originally posted here by cacosapo
Instead i would advice to install A/V on each machine and scan it on a regular basis.
Scanning network looking for malware will just add overhead on it.
And you will get more malware than just scanning with nmap or similar tool.

I think he simply wanted to scan his network to see what nodes had that port open, not scan for malware per se..??

Could be wrong tho..

**djscribble** · July 28th, 2004, 05:32 PM

what i did here was use Angry IP Scanner (available here ) in it you have a scan for open ports, and you can just scan for that certain port

it is very easy to use and you can save the output as a CSV so you can open it later in M$ Excel

***AngelicKnight*** · July 28th, 2004, 06:27 PM

That's wierd, I could've sworn I had already posted in response to chef...Oh well, anyway, yes, chef's right. I'm just scanning to see if that port's open, not scanning for malware (that's up to the AV and anti-spyware).

***cacosapo*** · July 28th, 2004, 06:53 PM

I got that at 1st post.
But why? a lot of open port is pretty common on intranet.
For someone become a victim, 1st a malware must be present. If you make your network "near" free of them, you are quite protect.
Just to add more "salt" on discussion, some companies scan intranet to see if guys are running "undesirable" software. (i.e. p2p, web servers)
I think that is just a bad remedy to a crap administration.
Users shouldnt able to install anything on their computers and any change on config should be monitored/recorded.
If you have a bad config management, maybe network scan can find some possible problems.

***Tedob1*** · July 28th, 2004, 10:16 PM

rather than install nmap and pcap if you haven't already just get superscan from foundstone it has a much lighter footprint and can get the job done.

**ric-o** · July 29th, 2004, 04:15 AM

Originally posted here by Tedob1
rather than install nmap and pcap if you haven't already just get superscan from foundstone it has a much lighter footprint and can get the job done.

Ted: You suck...beat me to the post.

Let me SECOND Tedo on SuperScan: great little app. I have used both ver 3 and ver 4, and found ver 3 better as far as user interface and ver 4 has addl features.

SuperScan v.3 http://www.foundstone.com/resources/.../superscan.htm
SuperScan v.4 http://www.foundstone.com/resources/...superscan4.htm

I've attached a ports list I use in SuperScan that I built out of a bunch of lists about a year ago.

Thread: Scanning Your LAN for an Open Port

Thread Tools

Display

Scanning Your LAN for an Open Port

Posting Permissions